Account & Security
Webhooks
Receive inference results asynchronously via HTTP callbacks.
Webhooks are a feature of the DEVUP Native API. They are not supported with the OpenAI-compatible API. Webhooks let you submit an inference request and receive the result via an HTTP callback, instead of waiting for the response synchronously. This is useful for long-running requests or fire-and-forget workloads.
How it works
Add a webhook parameter to your request. The API immediately responds with status queued, then calls your webhook URL with the result once inference is complete.
Text generation example
import { TextGeneration } from "devupai";
const client = new TextGeneration(
"https://api.devupai.com/v1/inference/deepseek-ai/DeepSeek-V3",
"$DEVUP_API_KEY"
);
const res = await client.generate({
input: "<|begin_of_text|><|start_header_id|>user<|end_header_id|>\n\nHello!<|eot_id|><|start_header_id|>assistant<|end_header_id|>\n\n",
stop: ["<|eot_id|>"],
webhook: "https://your-app.com/devupai-webhook"
});
console.log(res.inference_status.status); // "queued"Embeddings example
curl "https://api.devupai.com/v1/inference/Qwen/Qwen3-Embedding-8B" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DEVUP_API_KEY" \
-d '{
"inputs": ["I like chocolate"],
"webhook": "https://your-app.com/devupai-webhook"
}'Webhook payload
On success, your endpoint receives:
{
"request_id": "R7X9fdLIaF56lVisBAi5xR3E",
"inference_status": {
"status": "succeeded",
"runtime_ms": 228,
"cost": 0.0001140000022132881
},
"results": { ... }
}On failure:
{
"request_id": "RHNShFanUP5ExA8rzgyDWH88",
"inference_status": {
"status": "failed",
"runtime_ms": 0,
"cost": 0.0
}
}Verifying webhook signatures
Every webhook delivery includes an X-DevUp-Signature header containing an HMAC-SHA256 hex digest of the raw request body, signed with your webhook secret. Always verify this signature before processing the payload to prevent spoofed requests.
| Header | Value |
|---|---|
| X-DevUp-Signature | HMAC-SHA256 hex digest of the raw JSON body |
Example verification in Node.js:
import crypto from "crypto";
function verifySignature(
rawBody: string,
secret: string,
signature: string
): boolean {
const expected = crypto
.createHmac("sha256", secret)
.update(rawBody, "utf8")
.digest("hex");
const a = Buffer.from(signature, "hex");
const b = Buffer.from(expected, "hex");
if (a.length !== b.length) return false;
return crypto.timingSafeEqual(a, b);
}
// In your webhook handler:
const isValid = verifySignature(
rawBody,
process.env.DEVUP_WEBHOOK_SECRET!,
req.headers["x-devup-signature"] as string
);
if (!isValid) {
return res.status(401).json({ error: "Invalid signature" });
}crypto.timingSafeEqual instead of === to prevent timing-based attacks.Retry behavior
Retry Policy: 3 delivery attempts with exponential backoff (30s, 5min, 30min). After 3 failed attempts, the webhook is dropped.